ID

VAR-201303-0326


CVE

CVE-2013-2560


TITLE

Foscam Directory traversal vulnerability in device firmware

Trust: 0.8

sources: JVNDB: JVNDB-2013-001913

DESCRIPTION

Directory traversal vulnerability in the web interface on Foscam devices with firmware before 11.37.2.49 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated by discovering (1) web credentials or (2) Wi-Fi credentials. ( Dot dot ) including URI Any file may be read via. Foscam is a webcam video recording device. Foscam has a path traversal vulnerability where an unauthenticated attacker can access the entire file system and steal network and WiFi credentials. Foscam is prone to a directory-traversal vulnerability. This may aid in further attacks. Foscam is a leading professional high-tech company providing IP video products and solutions

Trust: 2.52

sources: NVD: CVE-2013-2560 // JVNDB: JVNDB-2013-001913 // CNVD: CNVD-2013-01448 // BID: 58290 // VULHUB: VHN-62562

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-01448

AFFECTED PRODUCTS

vendor:foscammodel:fi8919wscope:lteversion:firmware_11.37.2.47

Trust: 1.0

vendor:foscammodel:fi8919wscope:ltversion:firmware 11.37.2.49

Trust: 0.8

vendor:foscammodel:foscamscope:lteversion:<=11.37.2.48

Trust: 0.6

vendor:foscammodel:fi8919wscope:eqversion:firmware_11.37.2.47

Trust: 0.6

sources: CNVD: CNVD-2013-01448 // JVNDB: JVNDB-2013-001913 // CNNVD: CNNVD-201303-334 // NVD: CVE-2013-2560

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-2560
value: HIGH

Trust: 1.0

NVD: CVE-2013-2560
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201303-334
value: HIGH

Trust: 0.6

VULHUB: VHN-62562
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-2560
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-62562
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-62562 // JVNDB: JVNDB-2013-001913 // CNNVD: CNNVD-201303-334 // NVD: CVE-2013-2560

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-62562 // JVNDB: JVNDB-2013-001913 // NVD: CVE-2013-2560

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201303-334 // CNNVD: CNNVD-201303-075

TYPE

path traversal

Trust: 1.2

sources: CNNVD: CNNVD-201303-334 // CNNVD: CNNVD-201303-075

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-001913

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-62562

PATCH

title:Top Pageurl:http://foscam.us/

Trust: 0.8

title:Foscam path traversal vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/32615

Trust: 0.6

sources: CNVD: CNVD-2013-01448 // JVNDB: JVNDB-2013-001913

EXTERNAL IDS

db:NVDid:CVE-2013-2560

Trust: 2.8

db:BIDid:58290

Trust: 1.0

db:JVNDBid:JVNDB-2013-001913

Trust: 0.8

db:PACKETSTORMid:120624

Trust: 0.7

db:CNNVDid:CNNVD-201303-334

Trust: 0.7

db:CNVDid:CNVD-2013-01448

Trust: 0.6

db:BUGTRAQid:20130313 RE: [CVE-REQUEST] FOSCAM <= 11.37.2.48 PATH TRAVERSAL VULNERABILITY

Trust: 0.6

db:CNNVDid:CNNVD-201303-075

Trust: 0.6

db:EXPLOIT-DBid:38356

Trust: 0.1

db:VULHUBid:VHN-62562

Trust: 0.1

sources: CNVD: CNVD-2013-01448 // VULHUB: VHN-62562 // BID: 58290 // JVNDB: JVNDB-2013-001913 // CNNVD: CNNVD-201303-334 // CNNVD: CNNVD-201303-075 // NVD: CVE-2013-2560

REFERENCES

url:http://archives.neohapsis.com/archives/bugtraq/2013-03/0080.html

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2560

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2560

Trust: 0.8

url:http://packetstormsecurity.com/files/120624/foscam-firmware-11.37.2.48-path-traversal.html

Trust: 0.6

url:http://www.securityfocus.com/bid/58290

Trust: 0.6

sources: CNVD: CNVD-2013-01448 // VULHUB: VHN-62562 // JVNDB: JVNDB-2013-001913 // CNNVD: CNNVD-201303-334 // CNNVD: CNNVD-201303-075 // NVD: CVE-2013-2560

CREDITS

Frederic Basse

Trust: 0.9

sources: BID: 58290 // CNNVD: CNNVD-201303-075

SOURCES

db:CNVDid:CNVD-2013-01448
db:VULHUBid:VHN-62562
db:BIDid:58290
db:JVNDBid:JVNDB-2013-001913
db:CNNVDid:CNNVD-201303-334
db:CNNVDid:CNNVD-201303-075
db:NVDid:CVE-2013-2560

LAST UPDATE DATE

2024-11-23T22:56:41.093000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2013-01448date:2013-05-20T00:00:00
db:VULHUBid:VHN-62562date:2013-03-20T00:00:00
db:BIDid:58290date:2013-10-16T01:04:00
db:JVNDBid:JVNDB-2013-001913date:2013-03-21T00:00:00
db:CNNVDid:CNNVD-201303-334date:2013-03-18T00:00:00
db:CNNVDid:CNNVD-201303-075date:2013-03-07T00:00:00
db:NVDid:CVE-2013-2560date:2024-11-21T01:51:56.790

SOURCES RELEASE DATE

db:CNVDid:CNVD-2013-01448date:2013-03-06T00:00:00
db:VULHUBid:VHN-62562date:2013-03-15T00:00:00
db:BIDid:58290date:2013-03-01T00:00:00
db:JVNDBid:JVNDB-2013-001913date:2013-03-21T00:00:00
db:CNNVDid:CNNVD-201303-334date:2013-03-18T00:00:00
db:CNNVDid:CNNVD-201303-075date:2013-03-06T00:00:00
db:NVDid:CVE-2013-2560date:2013-03-15T20:55:11.413